PikaBot C2 Detected – 85[.]239[.]243[.]155:5000
PikaBot Detection Alerts
PikaBot C2
The Information provided at the time of posting was detected as “PikaBot C2”. Depending on when you are viewing this article, it may no longer be the case and could be determined as being a false positive. Please do your own additional validation. – RedPacket Security
General Information
IP Address | 85[.]239[.]243[.]155 |
Port | 5000 |
Hostname (if available) | vmd129057[.]contaboserver[.]net |
Description | Pikabot is a malware loader that was first observed in early 2023 and became very active following the takedown of Qakbot in August 2023. In December 2023, Pikabot activity ceased, possibly as a result of a new version of Qakbot that emerged. In February 2024, a new version of Pikabot was released with significant changes. The malware continues to pose a significant cyber threat and is in constant development, although the developers have decreased the complexity level of Pikabot’s code by removing advanced obfuscation features. |
Date Detected | 2024-02-14T09:20:02.291000 |
Malware Families (linked to) | Pikabot, QakBot – S0650, Pinkslipbot, QuackBot, QBot, |
Tags | loader, qakbot, malware, obfuscation, injection, ransomware, cobalt strike, cve-2021-44228, quackbot, pinkslipbot, pikabot, qbot, evasion |
References | https://www.zscaler.com/blogs/security-research/d-evolution-pikabot |
Country | US |
Mitre Att&ck Linked TTPS
Mitre Attack ID | Mitre Attack Name |
T1140 | Deobfuscate/Decode Files or Information |
T1036 | Masquerading |
T1055 | Process Injection |
T1566 | Phishing |
T1027 | Obfuscated Files or Information |
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.